Malware Ownage

This weekend I was browsing the web. I found a link for what appeared to by a juicy story. The headline was that Miley Cyrus, the actress who plays Hannah Montana, had moved in with her boyfriend. Link any chump I clicked through. I got the feeling I was in trouble when the web page never showed up, but my system starting acting like it was very busy.

Here is how I knew I was definitely in trouble. I tried to bring up the Task Manager but it was grayed out. In other words, my Task Manager had been disabled. Normally I use Task Manager to kill malware executables when my system gets infected. However this ability had been stripped. At first I thought some rogue program just disabled the access from the menu. So I went to the Start Run menu, and tried to launch “TaskMgr.exe”. What I saw next was the beginning of a very long weekend. The message I received back was that the Task Manager had been disabled by my system administrator.

I figured that I was up against a pretty smart malware program that was going who knows what with my PC. So I went to Google looking for a way to get my Task Manager running again. Google had a lot of hits on this particular subject. There was just one problem. Every time I tried to click one of the links from the Google search results, I got sent to some advertising page. It looks like the malware was hijacking my search results. That was painful.

Now I am not one to give up easily. It was a little annoying that I did not have control of my system. But I was confronted with what I would call a very smart malware program. I did notice that my Google search results had the real URLs listed at the bottom of each result. I copied and pasted the link for a page which hopefully would restore my ability to run Task Manager. Apparently the trick was to modify a certain registry entry.

I had thought I reached some level of success. My ability to run RegEdit had not been compromised. But I still could not run Task Manager even after a reboot. Then I found out the pain. This malware program was detecting that I was changing the registry entry. And it was changing the value back before I could reboot. This was indeed one smart program. It did all kinds of other damage to my system. I will continue the tale of my battle with this malware program in a future blog post. I promise you the story is filled with juicy details.